{
	"id": "47a05474-7e89-45a6-a5be-83045a180e83",
	"created_at": "2026-04-06T00:22:02.915373Z",
	"updated_at": "2026-04-10T03:30:30.211785Z",
	"deleted_at": null,
	"sha1_hash": "e2007d0aeca832c144f485c6193c0e74c00b99e8",
	"title": "The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1381912,
	"plain_text": "The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind\r\nBy Andy Greenberg, Matt Burgess\r\nPublished: 2024-04-03 · Archived: 2026-04-05 18:07:00 UTC\r\nThe thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were\r\nbehind the persona that inserted the malicious code.\r\nPhotograph: Henrik Sorensen/Getty Images\r\nThe scourge of software supply chain attacks—an increasingly common hacking technique that hides malicious\r\ncode in a widely used legitimate program—can take many forms. Hackers can penetrate an update server to seed\r\nout their malware, or even break into the network where the software was developed to corrupt it at the source. Or,\r\nin the case of one particularly insidious software supply chain attacker known as Jia Tan, they can spend two years\r\npolitely and enthusiastically volunteering to help.\r\nYou’ve read your last free article.\r\nhttps://www.wired.com/story/jia-tan-xz-backdoor/\r\nPage 1 of 4\n\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters—cancel anytime.\r\nSTART FREE TRIAL\r\nAlready a subscriber? Sign In\r\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters START FREE TRIAL\r\nBig Interview: Chris Hayes makes a living from attention\r\nhttps://www.wired.com/story/jia-tan-xz-backdoor/\r\nPage 2 of 4\n\nAndy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author\r\nof the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New\r\nEra of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ... Read More\r\nhttps://www.wired.com/story/jia-tan-xz-backdoor/\r\nPage 3 of 4\n\nMatt Burgess is a senior writer at WIRED focused on information security, privacy, and data regulation in Europe.\r\nHe graduated from the University of Sheffield with a degree in journalism and now lives in London. Send tips to\r\nMatt_Burgess@wired.com. ... Read More\r\nDon't Just Keep Up. Get Ahead\r\nSign up for the Daily newsletter to get our biggest stories, handpicked for you each day.\r\nSource: https://www.wired.com/story/jia-tan-xz-backdoor/\r\nhttps://www.wired.com/story/jia-tan-xz-backdoor/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.wired.com/story/jia-tan-xz-backdoor/"
	],
	"report_names": [
		"jia-tan-xz-backdoor"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434922,
	"ts_updated_at": 1775791830,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e2007d0aeca832c144f485c6193c0e74c00b99e8.pdf",
		"text": "https://archive.orkl.eu/e2007d0aeca832c144f485c6193c0e74c00b99e8.txt",
		"img": "https://archive.orkl.eu/e2007d0aeca832c144f485c6193c0e74c00b99e8.jpg"
	}
}